[Haskell-cafe] Digests

2010/12/3 Permjacov Evgeniy <permeakra at gmail.com>:
> The data integrity checks is well-known problem. A common soluting is
> use of 'checksums'. Most of them , however, are built in quite
> obfuscated manner (like md5) that results in ugly and error-prone
> implementations (see reference implementation for same md5).
>> So, the question is: is there a checksum, that is easy to implement over
> stream of bytes and may work as good checksum and is good in sence that
> creation of messages with same checksum that given message has is very
> hard problem (at least 2^128 tries) ?
2^128 tries needed for hash size of 256 bits. See
http://en.wikipedia.org/wiki/Birthday_attack
Most of the time you can get away with usual block ciphers (and even
with weaker parameters). There is a scheme that transforms block
cipher into hash function:
http://en.wikipedia.org/wiki/CRHF#Hash_functions_based_on_block_ciphers
RC5, for example, parametrized by number of encryption rounds. RC5
with 12 rounds has sufficiently good avalanche (spread of bit change)
so that you can use 12-round RC-5 instead of full death proof
20-round.